Friday, May 20, 2011


Possible Bug On Windows XP | Hidden Processes Appear As Open Applications

Is it a Weird bug ? Not really, I guess it’s a Trojan attach. Suddenly, all Background & hidden processes appear as open applications.

I've had a weird bug occur on one of our domain machines recently, which I have seen only once before in my life.

A user complained that applications suddenly started opening up on their own, after the user clicked on something (not sure what but it wasn't anything out of the ordinary). At first I thought they had a stuck key on the keyboard or something, but after I looked at the user's screen, I was shocked to find something altogether different.

Most of the processes that normally run in the background and some that are completely hidden, suddenly opened up in their own separate window on-screen, as if they were applications. They also appeared on the user's taskbar; some with strange looking icons.
The computer hadn't crashed - it was still responding and, aside from a large white box that covered part of the screen and hid everything else behind it, still useable.

The only thing is, you weren't able to close down any of the open processes/apps and aren't able to restore the screen to normal until you reboot the machine.

I checked the event logs and found absolutely nothing. Not a single event occurred out of the ordinary according to the event viewer. Anti-virus finds nothing, spyware scans reveal nothing either. I'm convinced this is some kind of Windows bug - possibly related to some 3rd party app we have installed (possibly not!).

One of the processes is named 'MCI command handling window' - which rings a bell from the last time I encountered this, and I'm sure this has something to do with it. I have attached some screenshots as they will help massively in explaining this incredibly strange bug.

Trojan WebHancer.A Attacked Windows XPScreen Shot 1
Trojan WebHancer.A Attacked Windows XP 2Screen Shot 2

The user in question says this has happened twice now. They didn't report it the first time round.

Looks like Microsoft released a sneaky patch for this. It may well have been caused by a 3rd party such as Outlook, but we basically never saw it again since I posted this!!


About bench3 -

Haja Peer Mohamed H, Software Engineer by profession, Author, Founder and CEO of "bench3" you can connect with me on Twitter , Facebook and also onGoogle+

Subscribe to this Blog via Email :